From: Jeff Lucovsky Date: Sat, 19 Oct 2024 12:07:01 +0000 (-0400) Subject: output/datalink: Use Rust-based linktype hashmap X-Git-Tag: suricata-8.0.0-beta1~160 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=462091114ea084ed24f0e52b83692876ca8f3544;p=thirdparty%2Fsuricata.git output/datalink: Use Rust-based linktype hashmap Use the hasmap to gather linktype display names. Issue: 6954 --- diff --git a/src/decode.h b/src/decode.h index 2206b39a84..b98568a26f 100644 --- a/src/decode.h +++ b/src/decode.h @@ -33,6 +33,7 @@ #include "util-debug.h" #include "decode-events.h" #include "util-exception-policy-types.h" +#include "util-datalink.h" #ifdef PROFILING #include "flow-worker.h" #include "app-layer-protos.h" @@ -1205,45 +1206,6 @@ void DecodeUnregisterCounters(void); #define IPPROTO_SHIM6 140 #endif -/* pcap provides this, but we don't want to depend on libpcap */ -#ifndef DLT_EN10MB -#define DLT_EN10MB 1 -#endif - -#ifndef DLT_C_HDLC -#define DLT_C_HDLC 104 -#endif - -/* taken from pcap's bpf.h */ -#ifndef DLT_RAW -#ifdef __OpenBSD__ -#define DLT_RAW 14 /* raw IP */ -#else -#define DLT_RAW 12 /* raw IP */ -#endif -#endif - -#ifndef DLT_NULL -#define DLT_NULL 0 -#endif - -/** libpcap shows us the way to linktype codes - * \todo we need more & maybe put them in a separate file? */ -#define LINKTYPE_NULL DLT_NULL -#define LINKTYPE_ETHERNET DLT_EN10MB -#define LINKTYPE_LINUX_SLL 113 -#define LINKTYPE_PPP 9 -#define LINKTYPE_RAW DLT_RAW -/* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't. - * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */ -#define LINKTYPE_RAW2 101 -#define LINKTYPE_IPV4 228 -#define LINKTYPE_IPV6 229 -#define LINKTYPE_GRE_OVER_IP 778 -#define LINKTYPE_CISCO_HDLC DLT_C_HDLC -#define PPP_OVER_GRE 11 -#define VLAN_OVER_GRE 13 - /* Packet Flags */ /** Flag to indicate that packet header or contents should not be inspected */ diff --git a/src/suricata.c b/src/suricata.c index b21a96589b..9977c54d82 100644 --- a/src/suricata.c +++ b/src/suricata.c @@ -400,6 +400,7 @@ void GlobalsDestroy(void) TmqhCleanup(); TmModuleRunDeInit(); ParseSizeDeinit(); + DatalinkTableDeinit(); #ifdef HAVE_DPDK DPDKCleanupEAL(); @@ -2884,6 +2885,7 @@ int InitGlobal(void) /* Initialize the configuration module. */ ConfInit(); + DatalinkTableInit(); VarNameStoreInit(); diff --git a/src/util-datalink.c b/src/util-datalink.c index ad34a2b3a7..e2a203cdb5 100644 --- a/src/util-datalink.c +++ b/src/util-datalink.c @@ -17,6 +17,7 @@ #include "suricata-common.h" #include "util-datalink.h" +#include "rust.h" #include "decode.h" int g_datalink_value = LINKTYPE_NULL; @@ -42,3 +43,31 @@ bool DatalinkHasMultipleValues(void) { return g_datalink_is_multiple == 1; } + +static void *datalink_value_map; + +void DatalinkTableInit(void) +{ + datalink_value_map = SCDatalinkInit(); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_NULL, "NULL"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_ETHERNET, "EN10MB"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_LINUX_SLL, "LINUX_SLL"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_PPP, "PPP"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_RAW, "RAW"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_RAW2, "RAW2"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_GRE_OVER_IP, "GRE_RAW"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_NULL, "NULL"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_CISCO_HDLC, "C_HDLC"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_IPV4, "IPv4"); + SCDatalinkValueNameInsert(datalink_value_map, LINKTYPE_IPV6, "IPv6"); +} + +void DatalinkTableDeinit(void) +{ + SCDatalinkDeInit(datalink_value_map); +} + +const char *DatalinkValueToName(int datalink_value) +{ + return SCDatalinkValueToName(datalink_value_map, datalink_value); +} diff --git a/src/util-datalink.h b/src/util-datalink.h index 024dabe9f8..4d150380e5 100644 --- a/src/util-datalink.h +++ b/src/util-datalink.h @@ -18,8 +18,50 @@ #ifndef SURICATA_UTIL_DATALINK_H #define SURICATA_UTIL_DATALINK_H +#include "util-debug.h" + +/* pcap provides this, but we don't want to depend on libpcap */ +#ifndef DLT_EN10MB +#define DLT_EN10MB 1 +#endif + +#ifndef DLT_C_HDLC +#define DLT_C_HDLC 104 +#endif + +/* taken from pcap's bpf.h */ +#ifndef DLT_RAW +#ifdef __OpenBSD__ +#define DLT_RAW 14 /* raw IP */ +#else +#define DLT_RAW 12 /* raw IP */ +#endif +#endif + +#ifndef DLT_NULL +#define DLT_NULL 0 +#endif + +/** libpcap shows us the way to linktype codes + * \todo we need more & maybe put them in a separate file? */ +#define LINKTYPE_NULL DLT_NULL +#define LINKTYPE_ETHERNET DLT_EN10MB +#define LINKTYPE_LINUX_SLL 113 +#define LINKTYPE_PPP 9 +#define LINKTYPE_RAW DLT_RAW +/* http://www.tcpdump.org/linktypes.html defines DLT_RAW as 101, yet others don't. + * Libpcap on at least OpenBSD returns 101 as datalink type for RAW pcaps though. */ +#define LINKTYPE_RAW2 101 +#define LINKTYPE_IPV4 228 +#define LINKTYPE_IPV6 229 +#define LINKTYPE_GRE_OVER_IP 778 +#define LINKTYPE_CISCO_HDLC DLT_C_HDLC + void DatalinkSetGlobalType(int datalink); int DatalinkGetGlobalType(void); bool DatalinkHasMultipleValues(void); +void DatalinkTableInit(void); +void DatalinkTableDeinit(void); +const char *DatalinkValueToName(int datalink_value); #endif /* SURICATA_UTIL_DATALINK_H */